Vulnerabilities Identified
OWASP 2021 Guidelines
- A01 - Broken Access Control
- A02 - Cryptographic Failures
- A03 - Injection
- A04 - Insecure Design
- A05 - Security Misconfiguration
- A06 - Vulnerable and Outdated Components
- A07 - Identification and Authentication
- A08 - Software and Data Integrity
- A09 - Security Logging and Monitoring
- A10 - Server Side Request Forgery
Passive Scan Summary
| Vulnerability Check | Description | Status | Severity | Exploitable | Impact | Recommendation |
|---|---|---|---|---|---|---|
| Insecure Communication | A05 - The application is accessible only over HTTP. All sensitive information, including login credentials, is therefore handled in plain text. | PASS | Critical | Easy | | |
| Browser Cache Weakness | A05 - Browsers store information for caching and history. If sensitive information (such as an address, credit card details, Social Security Number or username) is displayed to the user, it may be stored in the cache or history and retrieved by examining the browser's cache or simply by pressing the browser's Back button. | PASS | Low | Difficult | | |
| X-Frame Options | A05 - The X-Frame-Options header is missing from the application's responses. | PASS | Low | Difficult | | |
| X-XSS-Protection | A05 - The HTTP X-XSS-Protection response header is a feature of Internet Explorer, Chrome and Safari that stops pages from loading when a reflected cross-site scripting (XSS) attack is detected. | PASS | Low | Difficult | | |
| HTTP Strict Transport Security | A05 - HTTP Strict Transport Security (HSTS) protects secure (HTTPS) websites from being downgraded to insecure HTTP and from cookie hijacking. It lets web servers instruct their clients (web browsers or other user agents) to use HTTPS only when interacting with the server and never the insecure HTTP protocol. | PASS | Low | Difficult | | |
| X-Content-Type-Options | A05 - The X-Content-Type-Options header (with the nosniff value) prevents IE from ignoring the Content-Type of a response. | PASS | Low | Difficult | | |
| Secure Attribute | A05 - The cookie does not carry the "Secure" attribute, so it may also be sent to the site during an unencrypted session. | FAIL | Low | Difficult | Any information such as cookies, session tokens or user credentials that is sent to the server in clear text may be stolen and used later for identity theft or user impersonation. | Because of the sensitivity of encrypted requests, it is suggested to use HTTP POST (without parameters in the URL string) where possible, to avoid disclosing URLs and parameter values to others. |
| Http Only | A05 - The application fails to set the HttpOnly attribute on its cookies. | FAIL | Low | Difficult | Setting the HttpOnly flag when generating a cookie helps mitigate the risk of client-side script accessing the protected cookie; the cookie cannot then be read by client-side script. | The HttpOnly flag helps mitigate the impact of cross-site scripting, since it does not allow the cookie to be accessed via a client-side script such as JavaScript. |
| Banner Disclosure | A05 - The application discloses server information such as the web server product and its version. | PASS | Low | Difficult | | |
| Content Security Policy | A05 - The Content-Security-Policy header is missing from the application's responses. | FAIL | Low | Difficult | An attacker can force the browser to load malicious third-party resources. | Configure the server to send the Content-Security-Policy header. |
| Vulnerable and Outdated JS Libraries | A06 - The application uses older versions of JavaScript libraries. | PASS | Low | Difficult | | |
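
As an added example that is not part of the scan report, the Python below performs the same passive header and cookie checks as the table against two constructed HTTP responses, one weak and one hardened. The sample headers, the response dictionary shape and the PASS/FAIL rules are assumptions of this example, not findings from the scan.

```python
import re
# Constructed sample responses (not captured from the scanned application).
WEAK_RESPONSE = {
    "scheme": "http",  # served over plain HTTP only
    "headers": {
        "Server": "Apache/2.4.41 (Ubuntu)",
        "X-Frame-Options": "DENY",
        "X-Content-Type-Options": "nosniff",
        "Set-Cookie": ["JSESSIONID=abc123; Path=/"],
    },
}
HARDENED_RESPONSE = {
    "scheme": "https",
    "headers": {
        "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
        "X-Frame-Options": "DENY",
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'self'",
        "Cache-Control": "no-store",
        "Set-Cookie": ["JSESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"],
    },
}

def cookie_flags(set_cookie):
    """Return (secure, httponly) for one Set-Cookie header value."""
    attrs = {part.strip().lower() for part in set_cookie.split(";")[1:]}
    return "secure" in attrs, "httponly" in attrs

def passive_checks(resp):
    """Evaluate the table's passive checks; returns check name -> PASS/FAIL."""
    h = {k.lower(): v for k, v in resp["headers"].items()}
    cookies = h.get("set-cookie", [])
    cookies = [cookies] if isinstance(cookies, str) else cookies
    # all() over an empty cookie list is True: nothing to flag if no cookie is set.
    ok = {
        "Insecure Communication": resp["scheme"] == "https",
        "Browser Cache Weakness": "no-store" in h.get("cache-control", "").lower(),
        "X-Frame Options": h.get("x-frame-options", "").upper() in {"DENY", "SAMEORIGIN"},
        "HTTP Strict Transport Security": "strict-transport-security" in h,
        "X-Content-Type-Options": h.get("x-content-type-options", "").lower() == "nosniff",
        "Secure Attribute": all(cookie_flags(c)[0] for c in cookies),
        "Http Only": all(cookie_flags(c)[1] for c in cookies),
        "Banner Disclosure": not re.search(r"\d", h.get("server", "")),  # version in banner
        "Content Security Policy": "content-security-policy" in h,
    }
    return {name: "PASS" if passed else "FAIL" for name, passed in ok.items()}

if __name__ == "__main__":
    for name, status in passive_checks(WEAK_RESPONSE).items():
        print(f"{name:32} {status}")
```

The checks are intentionally presence-based, as a passive scan is; a PASS here only means the header or attribute is set, not that its value is tuned correctly for the application.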
